Category Archives: News

“Fusion centers” are intelligence-aggregation operations, created after the 9/11 Commission found that, had agencies (namely the FBI and CIA) engaged in more free and open sharing of information, the terrorist attacks could have been prevented. (The laws in 2001 permitted sharing that would have prevented the attacks; but the agencies were overly cautious about sharing data out of turf concerns.)

There are now at least 78 fusion centers dispersed throughout the United States. They claim to focus mostly on collecting intelligence of activity that may have a “nexus” to terrorism, but also criminal activity more broadly. But they operate in almost total darkness, with virtually no transparency. The little we do know suggests that fusion centers neither prevent terrorist acts nor respect First Amendment rights to free speech and free association.

The Intercept reported last week on the fusion centers’ targeting of Black Lives Matter protests, but there are also many other examples, going back to the fusion centers’ founding. The ACLU of Massachusetts found that the Boston Regional Intelligence Center — one of two fusion centers in the Bay State — was spying on antiwar groups; the Austin Regional Intelligence Center was caught monitoring peaceful animal rights activists protesting a circus (I reported on this for MuckRock); and a fusion center in Nebraska — the Nebraska Information Analysis Center — has a special network focusing on activists opposing the Keystone XL pipeline. They justify such activities by claiming that they are monitoring “for situational awareness”, and that this doesn’t constitute surveillance. In fact, that’s exactly what surveillance is; “For Your Situational Awareness” is military jargon for obtaining the intelligence needed to make appropriate battlefield decisions.

Given the lack of sunlight surrounding the everyday activities of the dozens of fusion centers throughout the country, we decided we want to find out more. Naturally, we filed a public records request. We wanted to find out where our other local fusion center — the Commonwealth Fusion Center run by the Massachusetts State Police — gets their intelligence; who has authorized access to their databases; whether any errors in their databases have been discovered; and what kind of information the CFC has on myself and Alex Marthews, the national chair of Restore the Fourth.

Imagine this story. “A shadowy group referred to in the press as “the JTTF” has claimed responsibility for a planned attack on a college cafeteria. Aspiring martyr Alex Ciccolo, 23, of North Adams, MA, apparently fell under the influence of this group over a year ago. The JTTF has over one hundred cells located all over the country.

This is not the first time the JTTF has claimed responsibility for fomenting fear in our nation’s cities. It has a pattern of recruiting vulnerable, mentally ill young men, often playing on their religious feelings to incite them into criminal attacks on their fellow Americans.”

This reads like an absurd fiction, but it’s actually a fairly accurate description of the work done by the FBI’s Joint Terrorism Task Force on the recently announced Ciccolo case and in many other similar cases over the years.

First, to the facts. On July 14, it was announced that Alexander Ciccolo, 23, of North Adams, MA, had been arrested on July 4 for felony possession of four firearms previously used in interstate commerce. It was a felony because he had previously been convicted of a DUI in February of this year. The firearms had been delivered to him by a confidential FBI informant being paid by the FBI’s Western Massachusetts JTTF.

A supporting affidavit alleges, based on the testimony of a paid confidential informant, that Ciccolo intended to attack targets such as “college cafeterias”, maybe in Massachusetts and maybe elsewhere, and had expressed support for ISIS; and that Molotov cocktails, jihadist materials, and terror attack planning materials were found at his home. The FBI says they were tipped off by Ciccolo’s father, a police captain, that Ciccolo has had a history of mental illness and had been interested in Islam for about a year. The Western Mass Joint Terrorism Task Force took on the task of surveilling Ciccolo, and found a Facebook profile associated with him, which expressed an interest in martyrdom. It appears that the JTTF then arranged for a confidential informant to meet with Ciccolo and gain his trust. Wiretapped conversations then suggest that Ciccolo “spoke about his plans to travel to another state to conduct terrorist attacks on civilians, members of the U.S. military and law enforcement personnel”, a plan which later developed into a desire to attack an unspecified college cafeteria. Ciccolo bought a pressure cooker on July 3, and then was furnished with the guns by the confidential informant on July 4.

This case is worth probing because, horrifying as Ciccolo’s intentions may have been – we can all be glad that no such attack took place – it raises important questions about how counter-terrorism work is done in America today.

I was willing to lay money that our friendly neighborhood fusion centers, the state-and-DHS-funded arms of the surveillance state, would be mixed up with HackingTeam somewhere. Looks like I win that bet.

Email #2640 shows the setup of a presentation from HackingTeam to the New Jersey fusion center’s most senior people, which apparently went ahead on November 1, 2013. The meeting was a success; by January, email #255362 shows that the fusion center was “interested in deploying” HackingTeam’s product. The subject line “DaVinci” shows what software is involved; “DaVinci” is the brand name for HackingTeam’s “remote control system” that promises to “break encryption and allow law enforcement agencies to monitor encrypted files and emails, Skype and other Voice over IP or chat communication […] It allows identification of the target’s location and relationships. It can also remotely activate microphones and cameras on a computer and works worldwide.” DaVinci has infamously been used by Middle Eastern governments to spy on Arab Spring activists.

It appears that the senior NJROIC figures were “excited about its capabilities.” I’ll bet they were.

The emails don’t go on to show whether NJROIC actually implemented DaVinci. Whether or not they did, it’s reasonable to deduce that NJROIC has a strong interest in being able to subvert NJ residents’ communications privacy. Reached for comment, an NJROIC spokesman was at pains to state that everything they do is under the guidance of the Attorney-General, conforms to applicable laws, and involves obtaining court orders and warrants as appropriate, but would not be drawn on the hypothetical question of whether encryption-subversion software would be treated as requiring a warrant.

Subverting encryption is, to an extent, a natural part of the arms race between users on one side, and the government and criminal hackers on the other. But if it’s done without the procedural safeguards embodied in the Fourth Amendment – safeguards that third-party firms like HackingTeam appear willing gleefully to ignore in pursuit of juicy contracts – it opens all of our communications to the government’s unsleeping eye, whether we try to encrypt them or not. The government should steer well away from this kind of “offensive cybersecurity”, and focus on keeping its elderly, hole-filled networks secure instead of exploring new ways to weaken yours and mine.

In the runup to last night’s sunset of three PATRIOT Act authorities, TV-watchers were barraged with lurid threats of “horrific terrorist attacks and violence” that would be our lot if we dared to let go of any of them. And then the authorities did sunset, and we all woke up this morning, still alive, and mysteriously unmassacred.

Look around you. What you see outside is that apocalypse’s first day, and … we’re OK. A small part of the surveillance state has stopped collecting new data. In the full daylight, cops are still stopping suspects. In the shadows, PRISM collection continues, unreformed. But this morning proves that Section 215 was never needed. The dragnets enabled under it didn’t do a blind bit of good.

This is hard to swallow, but it’s true. There never was, on this topic, any “tradeoff between privacy and security”. There never was any well-intentioned desire to Keep Us Safe™. The NSA felt able to launch mass metadata dragnets, and they did. That’s it. No-one really bothered analyzing whether the dragnets really worked. It wasn’t about effectiveness, or about safety. It was about fostering a culture of submission to authority.

In the same way, more locally, for twenty years and more, the NYPD wasted millions of dollars in staff time, conducting suspicionless “stop and frisks” of millions of people who had done nothing wrong. When questioned, they argued that without stop and frisk, lawlessness would run rampant. And then, when they were forced to stop last year, what happened? Crime fell.

In the same way, after 9/11, we took the Fourth Amendment, and broke it. We chose to torture people, run secret prisons, and launch illegal wars, all, again, to Keep Us Safe. It was, and is, for nothing. The bombs we dropped, the pain we caused, the lives we took, were all in vain.

We should be under no illusions now. The claim that Section 215 was needed, like the claim that the Iraq War was needed, were always nonsense. In all likelihood, the claims we need the other mass surveillance systems are nonsense too. Don’t go telling us that we can’t do without, say, mass internet surveillance under Section 702 of the FISA Amendments Act, or without full take of entire countries’ audio and Internet communications under Executive Order 12,333. We’ve done without such things before. We can do without them again. We gain no safety from submission, and it should not have taken fourteen years to learn that lesson, stop submitting and start standing up straight again.

Here’s the bad news. Not only the sunset happened last night. The Senate also voted for cloture on the USA FREEDOM Act, which would put these three expired provisions back into law, by a margin of 77 to 17. On Tuesday, they’ll vote on the bill itself, and it looks likely, based on the cloture vote, to pass. Even if there are no amendments, the President will sign it. So on the third day after sunset, Section 215 will rise again, like a new-bitten zombie, and start looking for prey. Undead Section 215 will be a little different – for example, instead of holding the dragnet data itself, the NSA will pay Internet and phone companies to hold onto it, and it’s likely that when it passes it will allow the NSA to instruct companies to format the data in such a way that the NSA can query it almost frictionlessly. Permanent sunset will mean the NSA actually has to collect less, and that’s so unimaginable to Senators – well, to all but a very few Senators – that they are racing to restore the lapsed parts of the PATRIOT Act and deprive you and me once again of the liberties we have so improbably won back.

So I say to our more servile Senators: Don’t you dare restore the PATRIOT Act. You aren’t here above all to Keep Us Safe™; you’re here above all to protect the Constitution. Endorsing the USA FREEDOM Act breaks that oath. Look at the side the fearmongers have taken, and the profits they stand to make, and vote the other way. Vote No on the USA FREEDOM Act tomorrow, and then let’s discuss, deeply, seriously, openly and fearlessly, what kinds of surveillance the Constitution will allow. The American people are ready to breathe more freely and live their lives less watched. It’s time to move forward.

The House just voted to pass the USA FREEDOM Act, which reauthorizes and alters Section 215 of the PATRIOT Act, with a vote of 338 to 88. It’s being depicted as a landslide in favor of reform. It is, sadly, anything but. This is why.

Last week’s ruling by the 2nd Circuit fundamentally changed the Congressional debate. Senator McConnell, the Majority Leader, had been pushing for a straight reauthorization of Section 215 of the PATRIOT Act. But the 2nd Circuit ruling said, among much else, that if Congress did a straight reauthorization of the same language, then their ruling that mass metadata surveillance was unlawful would still stand. In other words, straight reauthorization will no longer get surveillance defenders what they want. So, as the next best thing, the administration and the intelligence committees swung behind the USA FREEDOM Act. This Act would impose token limits on how much they can collect with a single request, but would modernize intelligence collection for a world where much communication is not an actual phone call. As a compromise between moderate surveillance reformers and the intelligence community, it actually offers a lot that the intelligence community likes. So it looks much better to them at this point than straight reauthorization (=no mass metadata surveillance under Section 215) or straight sunset (=no mass metadata surveillance under Section 215).

Last Thursday’s 2nd Circuit Court of Appeals ruling in ACLU v. Clapper threw a bomb into the middle of the debate over renewing the legal authority governing the NSA’s mass metadata surveillance programs. In a unanimous ruling, the Justices held that such programs, untethered to the limiting factor of what is relevant to a specific investigation, were never authorized under Section 215 of the PATRIOT Act.

Bob Litt, the general counsel of the Office of the Director of National Intelligence, scrambled to respond, arguing at a panel on transparency in DC on May 8 that the ruling is not binding on the FISC, that it is not currently in effect, and that it will be overturned soon anyway. Senate Intelligence Committee Chairman Richard Burr (R-NC), who vehemently supports mass NSA surveillance, is contending that “I think the statutory language today allows the NSA to do exactly what they’re doing […] I have a very tough time thinking the Supreme Court would look at this law […] and come to the conclusion that we didn’t empower the NSA to do bulk collection.” In the same article, Stewart Baker, the former general counsel for the NSA, is reported as deriding the ruling as a “97-page law review article” whose “significance is close to zero.”

Collectively, these assertions are the public face of what’s nothing less than a desperate effort by the NSA to declare itself literally above the law. But let’s take them one at a time, shall we?

Sample form for internal passport for prisoners of war, Geneva Conventions, 1956

Traveling in today’s America is becoming more and more constrained. Every year, there are more checks, more searches, and more guards. If you go by car, ALPR systems will track you. If you go by plane, you and your belongings can be legally searched, groped, mocked, impounded or vandalized. If you stay in a motel, your information may be shared up front with law enforcement. And now, even the trains are getting on the act.

The aptly-named PapersPlease.org filed a Freedom of Information Act request last October asking how Amtrak handled sharing of information with the Department of Homeland Security. While Amtrak is regularly subsidized, it is legally a private company, and as such should not share information on passengers unless the police provide them with a valid, individualized probable-cause warrant. You know, that old Fourth Amendment thing?

We’re asking everybody to call their Congressmember (Massachusetts numbers below the fold) to support HR1466, the Surveillance State Repeal Act, a bipartisan bill we helped introduce that would truly end mass surveillance. This is why it matters.

On June 1, the part of the PATRIOT Act that has been used to legitimate the mass collection of all of our phone call information, and much else besides, will lapse, It’s a terrible provision known as “Section 215.” Section 215 allows the FBI – and, it appears, other intelligence agencies too – to collect “any tangible things” that are “relevant” to a terrorism investigation. As it turns out, the intelligence community has argued explicitly that every single call in the United States is “relevant”. So, it appears, if we don’t let the NSA know exactly when I called the Danish Pastry House in Watertown about my one-year-old daughter’s first birthday cake, then ISIS will destroy us all.

There has been no legislation proposed yet from either chamber of Congress to renew Section 215. The intelligence community is panicking, and is apparently literally waving pictures of the burning Twin Towers at our elected officials, and telling them that if Section 215 lapses and there’s another attack, it’ll be the lawmakers’ fault and ISIS will destroy us all.

There may be a bill launched next week that would renew it, called the USA FREEDOM Act. Many civil liberties groups plan to support it, because it would also include reforms to Section 215, and may also reform (not repeal) the government’s other mass surveillance programs. We haven’t seen that bill yet, but it would have to be very strong to make it a better deal than simply letting the government’s Section 215 authority die.

There’s actually no evidence that Section 215’s mass surveillance programs have ever stopped a terrorist attack, and the government’s own reports have repeatedly shown that it has never stopped one. Follow me below the fold for the explanation why, and for the numbers to call!

Mass surveillance is damaging enough; but the capabilities we have handed to the surveillance agencies create a different kind of opportunity for the empire-building surveillance bureaucrat.

The constant claim is that Americans are not “wittingly”“targeted” under the dragnet; it’s just that their communications are vacuumed up “incidentally” because they are one, two, or three “hops” from a given “target”, a category that includes a shifting set of millions of people at a time. But even that face-saving statement is a lie. American citizens are “targets” themselves, and there’s an obvious category of people it would make strategic sense for the surveillance agencies to target: Namely, the set of people with authority over the budgets and remits of the surveillance agencies themselves.

NSA whistleblower Russell Tice is much less well known than Edward Snowden, but his testimony is just as explosive. Here’s an interview he gave in 2013, with a partial transcript:

Okay. They [the NSA] went after members of Congress, both Senate and the House, especially on the intelligence committees and on the armed services committees and judicial. But they went after other ones, too. They went after heaps of lawyers and law firms. They went after judges. One of the judges [Samuel Alito] is now sitting on the Supreme Court that I had his wiretap information in my hand. Two are former FISA court judges. They went after State Department officials. They went after people in the White House–their own people. They went after antiwar groups. They went after U.S. companies that that do business around the world. They went after U.S. banking firms and financial firms that do international business. They went after NGOs like the Red Cross that that go overseas and do humanitarian work. They went after a few antiwar civil rights groups. So, you know, don’t tell me that there’s no abuse, because I’ve had this stuff in my hand and looked at it.

It’s been widely reported that the NSA, under the constitutionally suspect authority of Section 215 of the PATRIOT Act, collects all Americans’ phone metadata. Congress has not yet passed any reforms to this law, but there have been many proposals for changes and the national debate is still raging. Yet Americans’ data is also being collected under a different program that’s entirely hidden from public oversight, and that was authorized under the Reagan-era Executive Order 12333.

That’s the topic of a TEDx-Charlottesville talk by whistleblower John Napier Tye, entitled “Why I spoke out against the NSA.” Tye objected to NSA surveillance while working in the US State Department. He explains that EO 12333 governs data collected overseas, as opposed to domestic surveillance which is authorized by statute. However, because Americans’ emails and other communications are stored in servers all over the globe, the distinction between domestic and international surveillance is much less salient than when the order was originally given by President Reagan in 1981.